analyzer/NPM: Add support for ignore-scripts parameter when npm ci is used #4699

Closed
rockebee opened this issue Nov 15, 2021 · 0 comments
Labels
analyzer About the analyzer tool enhancement Issues that are considered to be enhancements

Comments

@rockebee

Introduced with #273, the "--ignore-scripts" option is used to prevent execution of any build scripts of the Node.js project or its dependencies. However, this flag is not (yet) used for npm ci cases (introduced with #877), but IMHO it is totally valid to do so, as the same reasoning applies here (prevent execution of arbitrary build scripts + high risk of failing because the scripts could try to compile native code).

Caveat: ignore-scripts was introduced with NPM 5.7.0 (together with npm ci itself), but was not supported in NPM versions 7.0.0 < 7.4.0 (link)

If there are no objections, I would be able to prepare a PR for this.
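
The version caveat in the issue above, as an added example that is not part of the issue or of the project's code: a gate that only runs `npm ci --ignore-scripts` when the reported npm version is one where, per the issue, the flag is supported. The function names and the choice to refuse (rather than run without the flag) in the affected range are assumptions of this example.

```javascript
// Added example (hypothetical names). Version bounds are the ones stated in the issue.
const CI_INTRODUCED = [5, 7, 0]; // npm ci and ignore-scripts available from here
const BROKEN_FROM = [7, 0, 0];   // flag reported as not supported from 7.0.0 ...
const BROKEN_UNTIL = [7, 4, 0];  // ... up to, but excluding, 7.4.0

// Parse the output of `npm --version`; returns null for anything unexpected.
function parseVersion(text) {
  const re = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
  const m = re.exec(String(text).trim());
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: Boolean(m[4]) };
}

function compareCore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// A prerelease such as 7.4.0-beta.1 sorts before the release 7.4.0.
function precedes(v, bound) {
  const c = compareCore(v.core, bound);
  return c < 0 || (c === 0 && v.prerelease);
}

// Decide how to invoke npm on an untrusted project. Assumption of this example:
// when script suppression cannot be relied on, do not run npm ci at all.
function planNpmCi(npmVersionOutput) {
  const v = parseVersion(npmVersionOutput);
  if (!v) return { run: false, args: [], reason: "unparseable npm version" };
  if (precedes(v, CI_INTRODUCED)) {
    return { run: false, args: [], reason: "npm ci not available" };
  }
  // Lower bound compares the core version only, so 7.0.0 prereleases are refused too.
  if (compareCore(v.core, BROKEN_FROM) >= 0 && precedes(v, BROKEN_UNTIL)) {
    return { run: false, args: [], reason: "ignore-scripts not supported by this npm" };
  }
  return { run: true, args: ["ci", "--ignore-scripts"], reason: "lifecycle scripts suppressed" };
}

// Constructed sample inputs, as `npm --version` might print them.
for (const sample of ["6.14.15", "7.3.0", "7.4.0-beta.1", "7.4.0", "not-a-version"]) {
  const plan = planNpmCi(sample);
  console.log(sample.padEnd(14), plan.run ? "npm " + plan.args.join(" ") : "skip: " + plan.reason);
}
```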
